Cloud Configuration Compliance for Multicloud Environments

Get a single pane of glass to audit all of your cloud platform configurations

Visibility and Analysis for Compliance in Multicloud Environments

Complexity is an enemy of security; a unified view is essential to simplify the complexity of having multiple configurations. Lacework does this across AWS, GCP, and Azure by bringing multiple clouds into one portal. This means no logging into different disparate tools to evaluate your stance. It is a single pane of glass to audit all of your cloud platform configurations. As configurations change, Lacework will monitor and alert any time a configuration goes out of compliance. This ensures that security and compliance teams immediately become aware of issues so they can be fixed before data and cloud resources are compromised. 

Lacework delivers deep visibility for configurations across all of an enterprise’s cloud accounts and workloads so organizations can ensure compliance with industry, governmental, and institutional standards. Operating on multiple cloud platforms can increase the threat vector of the overall infrastructure and add complexity to an already challenging task. Lacework operates as a comprehensive, centralized solution to identify, analyze, and alert on configuration issues.

Identify Configuration Issues

  • Find Identity and Access Management (IAM) vulnerabilities, including root account, password requirements, and usage of MFA.
  • Check for logging best practices enable log files across regions, and enable that log files are validated and encrypted.
  • Monitor critical account activity such as unauthorized API calls and use of the management console for unauthorized purposes.
  • Confirm secure network configurations, including limiting access to vulnerable ports, enforcing “least access” privileges, and checking for the use of flow logging.

Track Configuration Changes Continuously

  • Daily re-audit to maintain compliance and protection.
  • Monitor account activity for abnormal activity, even when that activity is technical authorized.
  • Receive customizable alerts when items change from compliant to non-compliant.

Ongoing Monitoring of Activity

  • Detection and alerting of activity on all cloud platform resources, such as new activity in a region, activation of new services, or changes to access control lists.
  • Changes to users, roles, or access policies.
  • Access or customer master key tampering.
  • Reduce alert fatigue with customizable alerts and reports that eliminate repetitive or irrelevant results.

Lacework's Cloud Workload and Container Security Solutions

Are Trusted by These Amazing Companies

Customer Reviews

Supported Platforms

FAQs About Lacework's Configuration Compliance Solution

Lacework uses best practice checks including CIS benchmarks to evaluate security relevant configurations in Amazon AWS, Google GCP, and Microsoft Azure.

Lacework has mappings to PCI, HIPAA, SOC 2, and NIST 800-54 Rev 4.

Lacework supports continuous monitoring of your configurations in your cloud accounts. As configurations drift from best practices, they are detected and an alert is generated. These alerts can be configured to be sent to many of the common alert tools such as Slack, Splunk, Pagerduty, etc.

Lacework has checks for AWS, Azure, and GCP. Lacework provides a single platform that can can support compliance efforts without the need for deploying multiple tools for each cloud provider.

Lacework performs configuration checks based on industry accepted best practices such as CIS. Lacework will then supply reports listing all resources that are in violation, which support remediation efforts. These reports can then be provided to auditors to act as evidence of meeting compliance requirements.

Share this with your network
Twitter Twitter Twitter Share